The entire umbrella company and contractor accountancy sector has been shaken by multiple cyber security attacks that have had devastating consequences. This article examines the cyber-attacks that have targeted umbrella companies and contractor accountants, including Giant Pay, Brookson, Parasol and SJD Accountancy.
September 2021 – Giant Pay
On Friday 24th September 2021, leading umbrella company, Giant Pay, identified “suspicious activity” on its network. As a result, Giant Pay took all systems off the network and was temporarily forced to stop all operations.
The problems caused by the security breach lasted until 1st October 2021 – the date that Giant Pay released a statement to confirm they had “made over 18,000 payments to workers and processed and paid all outstanding payrolls.”
It appears that Giant Pay was subject to a ransomware attack, and former CEO at the Freelancer and Contractor Services Association (FCSA), Phil Pluck, said the following in a Contractor UK article:
“We are liaising with Giant to ensure we can address this issue at speed, and while Giant has been the victim of a criminal ransomware cyber-attack, I am reassured that their only priority is to ensure that contractors receive the money they are owed.”
January 2021 – Parasol, Brookson, Nixon Williams, SJD Accountancy
As if January isn’t tough enough without having to worry about cyber-attacks. Sadly, four businesses accredited by the FCSA were targeted by cybercriminals in January. Firstly, on Wednesday 12th January, a LinkedIn post by Parasol (an Optionis brand) announced the company was “experiencing a system outage” which was affecting the umbrella portal for its clients. Two days later (Friday 14th January), a new statement confirmed the system outage was caused by “malicious activity” on their network.
The next payroll provider to be hit by cybercriminals was Brookson. In a LinkedIn post by Brookson’s CEO Andrew Fahey, he said:
“As I am sure you aware our industry has experienced several high-profile cyber-attacks over the last few weeks, in many cases disabling businesses for weeks.
Last night the same aggressive attack was applied to the Brookson Group network. Fortunately, our network defences spotted and contained the attack immediately and this allowed us to contain the impact and take the necessary preventative measures to ensure no data was removed.”
Thankfully in later LinkedIn posts, Andrew Fahey confirmed that “no data” had been “been extracted from the Brookson Group network”, and Brookson has a “clear plan of action” to return to a “normal state”.
Frustratingly, the attacks continued and more service providers were hit. Shockingly, Parasol was not the only Optionis brand to be impacted by a cyber-attack. Both Nixon Williams and SJD Accountancy were targeted as well.
Posted on Tuesday 18th January, a statement on the Nixon Williams website said:
“Nixon Williams has recently suffered a cyber security incident that impacted some of our key systems and caused significant disruption to our services. As soon as we identified the issue, we immediately took action to mitigate its impact with the support of external IT security specialists and are working round the clock to minimise disruption to our services and resume normal operations.”
SJD Accountancy also shared a very similar message which was posted at almost exactly the same time. The message started with the following:
“SJD Accountancy has recently suffered a cyber security incident that impacted some of our key systems and caused significant disruption to our services.”
It’s the major companies that are being targeted
Perhaps the most alarming and worrying thing about these cyber-attacks is targeted companies. Giant Pay, Parasol, Brookson, Nixon Williams and SJD Accountancy are all significant players in their industry, and each company holds the prestigious FCSA accreditation. These organisations are well established and have built excellent reputations over the many years they’ve successfully provided contractor payroll and accountancy services to the UK’s temporary workforce. It shows that the people behind the attacks are certainly not going for what might be considered “easy targets”.
The FCSA has shared its views on the recent cyber attacks
The FCSA is the UK’s leading professional body committed to ensuring the supply chain of temporary workers is compliant with UK tax law. The FCSA responded to the spate of cyber-attacks affecting 4 of its members.
In a statement on the FCSA website, they said:
“FCSA is aware of the recent cyber-attacks on members. The consequences to employees of the affected umbrellas can be severe and may take some time to resolve. Many of those employees affected will understand just how difficult it is to fully secure systems in an era where technology is at the core of many businesses. Security, specifically IT security and data integrity, is a fundamental corporate risk.
Whilst there are current attacks underway, there is, naturally, a focus on resolving what are major system outages as soon as possible and striving to minimise the impact on employees expecting payments or having queries go unanswered. In our view it is crucial that workers are kept informed of progress.
FCSA’s view is that when a cyber-attack occurs, there should be rapid and open communication to affected workers, and that workers should be updated regularly. It is vital that steps should be taken to process payments, even if on an interim basis, as soon as is possible. It is our view that the integrity of services to, and the personal data of, workers should be of paramount concern.
FCSA recognises that, particularly in the case of ransomware attacks, the time from attack to resolution is affected by multiple factors and difficulties. These include the ability of targets to contact attackers, the involvement of law enforcement agencies and, often, engaging specialist data recovery experts to reactivate systems. It is rarely simple case of “restore from backup”.”
The statement continues and outlines the expectation of FCSA accredited members should they find themselves subjected to cuter attacks. It says:
“However, we expect FCSA members to make every effort to ensure that employees are paid outstanding amounts as quickly as possible and that they are as open and honest with their employees as they can be given the need for the involvement of law enforcement personnel and recovery specialists.
FCSA is not a regulator, and its expertise is in compliance with employment and tax regulations for the sector. Nevertheless, we urge all our members, and all organisations in the supply chain, to prioritise their response to this risk by undertaking comprehensive and regular reviews of their system security and safeguarding of personal data and, at the very least, putting in place the appropriate measures recommended by the National Cyber Security Centre.”
A worrying time for umbrella companies and accountants
It is a worrying time for umbrella companies and accountancy practices in the UK. Cyber-attacks happen all the time and target any organisation with a network. However, there is no hiding from the fact that umbrellas and accountants have been targeted since September last year.
Undoubtedly, the IT departments at contractor payroll service providers around the country will be hard at work to ensure systems are up to date, security is in place, and a disaster recovery plan (DRP) is optimised – should it ever be needed.
Top 10 umbrella companies
If you’re looking for an umbrella company to switch to or use for the first time, we’ve collated a list of our top 10 umbrella companies, and we think you’ll find it helpful. All of our top 10 are accredited by either the FCSA or Professional Passport. It’s also worth noting that some have special offers at the moment.
